Welcome to the SecAware blog

I spy with my beady eye ...

31 Dec 2019

NBlog January - ISO27k awareness & training materials

January's security awareness and training materials concern a topic I've been itching to cover for years, literally (the years part, not the itching ... thanks to the magic ointment).

I've been a user and fan of the ISO/IEC 27000 series standards since forever, before they were even conceived, even before BS 7799 was published.

From the original corporate security policy and 'code of practice' on information security (essentially a catalogue of information security controls), ISO27k has grown into a family of related standards, along the way assimilating a couple of other standards and, lately, expanding into privacy, eDiscovery, IoT, smart cities, big data and more.

Making sense of the bewildering scope of today's ISO27k was a particular challenge for this awareness module ...

... and of course ISO27k is not the only source of guidance out there ...

The module came together and turned out nicely ...

I'm especially pleased with how the ISO27k business case and metric (the 'universal KPI') turned out. They and the other awareness materials will serve double-duty in connection with our ongoing ISO27k consulting gigs.

The shiny new batch of ISO27k awareness content is available to download now at SecAware.com. It's our 70th information security awareness and training topic. Top that!

No comments:

Post a Comment